admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 11:37:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-02-24 23:01:19 +00:00
parent 9f36053aca
commit 03ea764750
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
18 changed files with 523 additions and 323 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2021/44xxx/CVE-2021-44565.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Cross Site Scripting (XSS) vulnerabilty exits in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JaveScript of HTML.An example of affected components are all Markdown input fields."
"value": "A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields."
}
]
},

2
2021/44xxx/CVE-2021-44566.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Cross Site Scripting vulnerability exists RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php."
"value": "A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php."
}
]
},

2
2021/44xxx/CVE-2021-44567.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An SQL Injection vulnerability exits in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php."
"value": "An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php."
}
]
},

10
2021/46xxx/CVE-2021-46614.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15408."
"value": "Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15408."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-201/"
"url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0006",
"refsource": "MISC",
"name": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0006"
},
{
"url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0006"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-201/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-201/"
}
]
},

10
2022/24xxx/CVE-2022-24048.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191."
"value": "MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-363/"
"url": "https://mariadb.com/kb/en/security/",
"refsource": "MISC",
"name": "https://mariadb.com/kb/en/security/"
},
{
"url": "https://mariadb.com/kb/en/security/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-363/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-363/"
}
]
},

10
2022/24xxx/CVE-2022-24050.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207."
"value": "MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-364/"
"url": "https://mariadb.com/kb/en/security/",
"refsource": "MISC",
"name": "https://mariadb.com/kb/en/security/"
},
{
"url": "https://mariadb.com/kb/en/security/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-364/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-364/"
}
]
},

10
2022/24xxx/CVE-2022-24051.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193."
"value": "MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-318/"
"url": "https://mariadb.com/kb/en/security/",
"refsource": "MISC",
"name": "https://mariadb.com/kb/en/security/"
},
{
"url": "https://mariadb.com/kb/en/security/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-318/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-318/"
}
]
},

10
2022/24xxx/CVE-2022-24052.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190."
"value": "MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-367/"
"url": "https://mariadb.com/kb/en/security/",
"refsource": "MISC",
"name": "https://mariadb.com/kb/en/security/"
},
{
"url": "https://mariadb.com/kb/en/security/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-367/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-367/"
}
]
},

18
2022/26xxx/CVE-2022-26090.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26091.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26092.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26093.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26094.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26095.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26096.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26097.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26098.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26099.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}