Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities by status
CVE-2023-25780 (GCVE-0-2023-25780)
Vulnerability from cvelistv5 – Published: 2023-06-02 00:00 – Updated: 2025-01-08 18:01
VLAI
Title
Status Internet Co.,Ltd. PowerBPM - Broken Access Control
Summary
It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Status Internet Co.,Ltd. | PowerBPM |
Affected:
2.0
|
Date Public
2023-05-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:11.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T18:01:50.590665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T18:01:59.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PowerBPM",
"vendor": "Status Internet Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "E4"
}
],
"datePublic": "2023-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-02T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html"
}
],
"source": {
"advisory": "TVN-202305001",
"discovery": "EXTERNAL"
},
"title": "Status Internet Co.,Ltd. PowerBPM - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-25780",
"datePublished": "2023-06-02T00:00:00.000Z",
"dateReserved": "2023-02-15T00:00:00.000Z",
"dateUpdated": "2025-01-08T18:01:59.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4658 (GCVE-0-2010-4658)
Vulnerability from cvelistv5 – Published: 2020-02-07 15:04 – Updated: 2024-08-07 03:51
VLAI
Summary
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
Date Public
2008-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4658"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "statusnet",
"vendor": "statusnet",
"versions": [
{
"status": "affected",
"version": "through 2010"
}
]
}
],
"datePublic": "2008-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T15:04:58.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4658"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "statusnet",
"version": {
"version_data": [
{
"version_value": "through 2010"
}
]
}
}
]
},
"vendor_name": "statusnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4658",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4658"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/01/25/13",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4658",
"datePublished": "2020-02-07T15:04:58.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4659 (GCVE-0-2010-4659)
Vulnerability from cvelistv5 – Published: 2019-11-20 16:47 – Updated: 2024-08-07 03:51
VLAI
Summary
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2010-4659 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
Date Public
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4659"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4659"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "statusnet",
"vendor": "statusnet",
"versions": [
{
"status": "affected",
"version": "through 2010"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T16:47:43.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4659"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4659"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "statusnet",
"version": {
"version_data": [
{
"version_value": "through 2010"
}
]
}
}
]
},
"vendor_name": "statusnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4659",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4659"
},
{
"name": "https://access.redhat.com/security/cve/cve-2010-4659",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2010-4659"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/01/25/13",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4659",
"datePublished": "2019-11-20T16:47:43.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4660 (GCVE-0-2010-4660)
Vulnerability from cvelistv5 – Published: 2019-11-20 15:41 – Updated: 2024-08-07 03:51
VLAI
Summary
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "statusnet",
"vendor": "statusnet",
"versions": [
{
"status": "affected",
"version": "through 2010"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T15:41:50.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "statusnet",
"version": {
"version_data": [
{
"version_value": "through 2010"
}
]
}
}
]
},
"vendor_name": "statusnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4660",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/01/25/13",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4660",
"datePublished": "2019-11-20T15:41:50.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:18.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3370 (GCVE-0-2011-3370)
Vulnerability from cvelistv5 – Published: 2019-11-12 13:59 – Updated: 2024-08-06 23:29
VLAI
Summary
statusnet before 0.9.9 has XSS
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/security/cve/cve-2011-3370 | vendor-advisoryx_refsource_REDHAT |
| https://seclists.org/oss-sec/2011/q3/488 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3370"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3370"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2011/q3/488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "statusnet",
"vendor": "statusnet",
"versions": [
{
"status": "affected",
"version": "before 0.9.9 and 1.0.0beta2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "statusnet before 0.9.9 has XSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:59:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3370"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3370"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2011/q3/488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "statusnet",
"version": {
"version_data": [
{
"version_value": "before 0.9.9 and 1.0.0beta2"
}
]
}
}
]
},
"vendor_name": "statusnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "statusnet before 0.9.9 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Debian",
"refsource": "DEBIAN",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3370"
},
{
"name": "Red Hat",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/cve/cve-2011-3370"
},
{
"name": "https://seclists.org/oss-sec/2011/q3/488",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2011/q3/488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3370",
"datePublished": "2019-11-12T13:59:18.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12164 (GCVE-0-2019-12164)
Vulnerability from cvelistv5 – Published: 2019-07-23 22:16 – Updated: 2024-08-04 23:10
VLAI
Summary
ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/status-im/react-native-desktop… | x_refsource_CONFIRM |
| https://github.com/status-im/react-native-desktop… | x_refsource_CONFIRM |
| https://github.com/status-im/react-native-desktop… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/status-im/react-native-desktop/pull/475"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T22:16:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/status-im/react-native-desktop/pull/475"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1",
"refsource": "CONFIRM",
"url": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1"
},
{
"name": "https://github.com/status-im/react-native-desktop/pull/475",
"refsource": "CONFIRM",
"url": "https://github.com/status-im/react-native-desktop/pull/475"
},
{
"name": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef",
"refsource": "CONFIRM",
"url": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12164",
"datePublished": "2019-07-23T22:16:57.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4137 (GCVE-0-2013-4137)
Vulnerability from cvelistv5 – Published: 2013-10-11 22:00 – Updated: 2024-09-17 03:07
VLAI
Summary
Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/07/18/5 | mailing-listx_refsource_MLIST |
| http://status.net/2013/07/16/security-alert-sql-i… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130718 CVE-2013-4137: StatusNet v1.1.0: SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/18/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://status.net/2013/07/16/security-alert-sql-injection-attack-for-statusnet-1-0-x-and-1-1-x"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and \"a particular tag format.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-11T22:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130718 CVE-2013-4137: StatusNet v1.1.0: SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/18/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://status.net/2013/07/16/security-alert-sql-injection-attack-for-statusnet-1-0-x-and-1-1-x"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and \"a particular tag format.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130718 CVE-2013-4137: StatusNet v1.1.0: SQL injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/18/5"
},
{
"name": "http://status.net/2013/07/16/security-alert-sql-injection-attack-for-statusnet-1-0-x-and-1-1-x",
"refsource": "CONFIRM",
"url": "http://status.net/2013/07/16/security-alert-sql-injection-attack-for-statusnet-1-0-x-and-1-1-x"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4137",
"datePublished": "2013-10-11T22:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:07:53.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3802 (GCVE-0-2011-3802)
Vulnerability from cvelistv5 – Published: 2011-09-24 00:00 – Updated: 2024-09-17 02:02
VLAI
Summary
StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3802",
"datePublished": "2011-09-24T00:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:02:37.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25780 (GCVE-0-2023-25780)
Vulnerability from nvd – Published: 2023-06-02 00:00 – Updated: 2025-01-08 18:01
VLAI
Title
Status Internet Co.,Ltd. PowerBPM - Broken Access Control
Summary
It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Status Internet Co.,Ltd. | PowerBPM |
Affected:
2.0
|
Date Public
2023-05-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:11.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T18:01:50.590665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T18:01:59.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PowerBPM",
"vendor": "Status Internet Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "E4"
}
],
"datePublic": "2023-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-02T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html"
}
],
"source": {
"advisory": "TVN-202305001",
"discovery": "EXTERNAL"
},
"title": "Status Internet Co.,Ltd. PowerBPM - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-25780",
"datePublished": "2023-06-02T00:00:00.000Z",
"dateReserved": "2023-02-15T00:00:00.000Z",
"dateUpdated": "2025-01-08T18:01:59.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4658 (GCVE-0-2010-4658)
Vulnerability from nvd – Published: 2020-02-07 15:04 – Updated: 2024-08-07 03:51
VLAI
Summary
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
Date Public
2008-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4658"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "statusnet",
"vendor": "statusnet",
"versions": [
{
"status": "affected",
"version": "through 2010"
}
]
}
],
"datePublic": "2008-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T15:04:58.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4658"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "statusnet",
"version": {
"version_data": [
{
"version_value": "through 2010"
}
]
}
}
]
},
"vendor_name": "statusnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4658",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4658"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/01/25/13",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4658",
"datePublished": "2020-02-07T15:04:58.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4659 (GCVE-0-2010-4659)
Vulnerability from nvd – Published: 2019-11-20 16:47 – Updated: 2024-08-07 03:51
VLAI
Summary
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2010-4659 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
Date Public
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4659"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4659"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "statusnet",
"vendor": "statusnet",
"versions": [
{
"status": "affected",
"version": "through 2010"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T16:47:43.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4659"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4659"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "statusnet",
"version": {
"version_data": [
{
"version_value": "through 2010"
}
]
}
}
]
},
"vendor_name": "statusnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4659",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4659"
},
{
"name": "https://access.redhat.com/security/cve/cve-2010-4659",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2010-4659"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/01/25/13",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4659",
"datePublished": "2019-11-20T16:47:43.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4660 (GCVE-0-2010-4660)
Vulnerability from nvd – Published: 2019-11-20 15:41 – Updated: 2024-08-07 03:51
VLAI
Summary
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "statusnet",
"vendor": "statusnet",
"versions": [
{
"status": "affected",
"version": "through 2010"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T15:41:50.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "statusnet",
"version": {
"version_data": [
{
"version_value": "through 2010"
}
]
}
}
]
},
"vendor_name": "statusnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4660",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/01/25/13",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4660",
"datePublished": "2019-11-20T15:41:50.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:18.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3370 (GCVE-0-2011-3370)
Vulnerability from nvd – Published: 2019-11-12 13:59 – Updated: 2024-08-06 23:29
VLAI
Summary
statusnet before 0.9.9 has XSS
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/security/cve/cve-2011-3370 | vendor-advisoryx_refsource_REDHAT |
| https://seclists.org/oss-sec/2011/q3/488 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3370"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3370"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2011/q3/488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "statusnet",
"vendor": "statusnet",
"versions": [
{
"status": "affected",
"version": "before 0.9.9 and 1.0.0beta2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "statusnet before 0.9.9 has XSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:59:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3370"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3370"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2011/q3/488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "statusnet",
"version": {
"version_data": [
{
"version_value": "before 0.9.9 and 1.0.0beta2"
}
]
}
}
]
},
"vendor_name": "statusnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "statusnet before 0.9.9 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Debian",
"refsource": "DEBIAN",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3370"
},
{
"name": "Red Hat",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/cve/cve-2011-3370"
},
{
"name": "https://seclists.org/oss-sec/2011/q3/488",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2011/q3/488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3370",
"datePublished": "2019-11-12T13:59:18.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12164 (GCVE-0-2019-12164)
Vulnerability from nvd – Published: 2019-07-23 22:16 – Updated: 2024-08-04 23:10
VLAI
Summary
ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/status-im/react-native-desktop… | x_refsource_CONFIRM |
| https://github.com/status-im/react-native-desktop… | x_refsource_CONFIRM |
| https://github.com/status-im/react-native-desktop… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/status-im/react-native-desktop/pull/475"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T22:16:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/status-im/react-native-desktop/pull/475"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1",
"refsource": "CONFIRM",
"url": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1"
},
{
"name": "https://github.com/status-im/react-native-desktop/pull/475",
"refsource": "CONFIRM",
"url": "https://github.com/status-im/react-native-desktop/pull/475"
},
{
"name": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef",
"refsource": "CONFIRM",
"url": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12164",
"datePublished": "2019-07-23T22:16:57.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4137 (GCVE-0-2013-4137)
Vulnerability from nvd – Published: 2013-10-11 22:00 – Updated: 2024-09-17 03:07
VLAI
Summary
Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/07/18/5 | mailing-listx_refsource_MLIST |
| http://status.net/2013/07/16/security-alert-sql-i… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130718 CVE-2013-4137: StatusNet v1.1.0: SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/18/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://status.net/2013/07/16/security-alert-sql-injection-attack-for-statusnet-1-0-x-and-1-1-x"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and \"a particular tag format.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-11T22:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130718 CVE-2013-4137: StatusNet v1.1.0: SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/18/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://status.net/2013/07/16/security-alert-sql-injection-attack-for-statusnet-1-0-x-and-1-1-x"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and \"a particular tag format.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130718 CVE-2013-4137: StatusNet v1.1.0: SQL injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/18/5"
},
{
"name": "http://status.net/2013/07/16/security-alert-sql-injection-attack-for-statusnet-1-0-x-and-1-1-x",
"refsource": "CONFIRM",
"url": "http://status.net/2013/07/16/security-alert-sql-injection-attack-for-statusnet-1-0-x-and-1-1-x"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4137",
"datePublished": "2013-10-11T22:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:07:53.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3802 (GCVE-0-2011-3802)
Vulnerability from nvd – Published: 2011-09-24 00:00 – Updated: 2024-09-17 02:02
VLAI
Summary
StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3802",
"datePublished": "2011-09-24T00:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:02:37.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}