From 0f8830b1d8509bb95bb27d45958a6c17a7a28e19 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 23 Dec 2022 16:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/31xxx/CVE-2021-31693.json | 5 ++ 2021/46xxx/CVE-2021-46784.json | 5 ++ 2022/2xxx/CVE-2022-2938.json | 5 ++ 2022/38xxx/CVE-2022-38757.json | 133 +++++++++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3165.json | 5 ++ 2022/3xxx/CVE-2022-3545.json | 5 ++ 2022/3xxx/CVE-2022-3564.json | 5 ++ 2022/3xxx/CVE-2022-3705.json | 5 ++ 2022/47xxx/CVE-2022-47938.json | 72 ++++++++++++++++++ 2022/47xxx/CVE-2022-47939.json | 72 ++++++++++++++++++ 2022/47xxx/CVE-2022-47940.json | 72 ++++++++++++++++++ 2022/47xxx/CVE-2022-47941.json | 72 ++++++++++++++++++ 2022/47xxx/CVE-2022-47942.json | 72 ++++++++++++++++++ 2022/4xxx/CVE-2022-4697.json | 84 +++++++++++++++++++++ 2022/4xxx/CVE-2022-4698.json | 84 +++++++++++++++++++++ 15 files changed, 690 insertions(+), 6 deletions(-) create mode 100644 2022/47xxx/CVE-2022-47938.json create mode 100644 2022/47xxx/CVE-2022-47939.json create mode 100644 2022/47xxx/CVE-2022-47940.json create mode 100644 2022/47xxx/CVE-2022-47941.json create mode 100644 2022/47xxx/CVE-2022-47942.json create mode 100644 2022/4xxx/CVE-2022-4697.json create mode 100644 2022/4xxx/CVE-2022-4698.json diff --git a/2021/31xxx/CVE-2021-31693.json b/2021/31xxx/CVE-2021-31693.json index dd120a263c3..fe7d639fcb8 100644 --- a/2021/31xxx/CVE-2021-31693.json +++ b/2021/31xxx/CVE-2021-31693.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.vmware.com/security/advisories/VMSA-2022-0029.html", "url": "https://www.vmware.com/security/advisories/VMSA-2022-0029.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221223-0009/", + "url": "https://security.netapp.com/advisory/ntap-20221223-0009/" } ] }, diff --git a/2021/46xxx/CVE-2021-46784.json b/2021/46xxx/CVE-2021-46784.json index f295b9edc4d..d91ec01806f 100644 --- a/2021/46xxx/CVE-2021-46784.json +++ b/2021/46xxx/CVE-2021-46784.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://security-tracker.debian.org/tracker/CVE-2021-46784", "url": "https://security-tracker.debian.org/tracker/CVE-2021-46784" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221223-0007/", + "url": "https://security.netapp.com/advisory/ntap-20221223-0007/" } ] } diff --git a/2022/2xxx/CVE-2022-2938.json b/2022/2xxx/CVE-2022-2938.json index 63162b76d51..163a79712d1 100644 --- a/2022/2xxx/CVE-2022-2938.json +++ b/2022/2xxx/CVE-2022-2938.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221223-0002/", + "url": "https://security.netapp.com/advisory/ntap-20221223-0002/" } ] }, diff --git a/2022/38xxx/CVE-2022-38757.json b/2022/38xxx/CVE-2022-38757.json index feca1b0b006..73e9270aa25 100644 --- a/2022/38xxx/CVE-2022-38757.json +++ b/2022/38xxx/CVE-2022-38757.json @@ -1,18 +1,139 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@microfocus.com", "ID": "CVE-2022-38757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "CVE-2022-38757 ZENworks" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ZENworks Configuration Management (ZCM)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "ZENworks 2020", + "version_value": "Update 3a" + } + ] + } + }, + { + "product_name": "ZENworks Asset Management", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "ZENworks 2020", + "version_value": "Update 3a" + } + ] + } + }, + { + "product_name": "ZENworks Endpoint Security Management (ZESM)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "ZENworks 2020", + "version_value": "Update 3a" + } + ] + } + }, + { + "product_name": "ZENworks Patch Management (ZPM)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "ZENworks 2020", + "version_value": "Update 3a" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://portal.microfocus.com/s/article/KM000012895?language=en_US", + "name": "https://portal.microfocus.com/s/article/KM000012895?language=en_US" + }, + { + "refsource": "MISC", + "url": "https://kmviewer.saas.microfocus.com/#/PH_206719", + "name": "https://kmviewer.saas.microfocus.com/#/PH_206719" + }, + { + "refsource": "MISC", + "url": "https://kmviewer.saas.microfocus.com/#/PH_206720", + "name": "https://kmviewer.saas.microfocus.com/#/PH_206720" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of ZENworks:\n\n https://kmviewer.saas.microfocus.com/#/PH_206719 (ZENworks 2020 Update 2)\n https://kmviewer.saas.microfocus.com/#/PH_206720 (ZENworks 2020 Update 3a and ZENworks 2020 Update 3)" + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3165.json b/2022/3xxx/CVE-2022-3165.json index d0e6c15f023..cebbc0ea86d 100644 --- a/2022/3xxx/CVE-2022-3165.json +++ b/2022/3xxx/CVE-2022-3165.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-4387579e67", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221223-0006/", + "url": "https://security.netapp.com/advisory/ntap-20221223-0006/" } ] }, diff --git a/2022/3xxx/CVE-2022-3545.json b/2022/3xxx/CVE-2022-3545.json index 1650b3fcf84..54d165fdb40 100644 --- a/2022/3xxx/CVE-2022-3545.json +++ b/2022/3xxx/CVE-2022-3545.json @@ -71,6 +71,11 @@ "url": "https://vuldb.com/?id.211045", "refsource": "MISC", "name": "https://vuldb.com/?id.211045" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221223-0003/", + "url": "https://security.netapp.com/advisory/ntap-20221223-0003/" } ] } diff --git a/2022/3xxx/CVE-2022-3564.json b/2022/3xxx/CVE-2022-3564.json index b2d9deee3f4..c5e6b568fc8 100644 --- a/2022/3xxx/CVE-2022-3564.json +++ b/2022/3xxx/CVE-2022-3564.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221223-0001/", + "url": "https://security.netapp.com/advisory/ntap-20221223-0001/" } ] } diff --git a/2022/3xxx/CVE-2022-3705.json b/2022/3xxx/CVE-2022-3705.json index cca5d323886..e27ad70ec95 100644 --- a/2022/3xxx/CVE-2022-3705.json +++ b/2022/3xxx/CVE-2022-3705.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-4bc60c32a2", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221223-0004/", + "url": "https://security.netapp.com/advisory/ntap-20221223-0004/" } ] } diff --git a/2022/47xxx/CVE-2022-47938.json b/2022/47xxx/CVE-2022-47938.json new file mode 100644 index 00000000000..3487cdb54e3 --- /dev/null +++ b/2022/47xxx/CVE-2022-47938.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNNECT." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2" + }, + { + "url": "https://github.com/torvalds/linux/commit/824d4f64c20093275f72fc8101394d75ff6a249e", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/824d4f64c20093275f72fc8101394d75ff6a249e" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=824d4f64c20093275f72fc8101394d75ff6a249e", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=824d4f64c20093275f72fc8101394d75ff6a249e" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47939.json b/2022/47xxx/CVE-2022-47939.json new file mode 100644 index 00000000000..72731833618 --- /dev/null +++ b/2022/47xxx/CVE-2022-47939.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2" + }, + { + "url": "https://github.com/torvalds/linux/commit/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf6531d98190fa2cf92a6d8bbc8af0a4740a223c", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf6531d98190fa2cf92a6d8bbc8af0a4740a223c" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47940.json b/2022/47xxx/CVE-2022-47940.json new file mode 100644 index 00000000000..6b83d2580f5 --- /dev/null +++ b/2022/47xxx/CVE-2022-47940.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ksmbd in the Linux kernel before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18" + }, + { + "url": "https://github.com/torvalds/linux/commit/158a66b245739e15858de42c0ba60fcf3de9b8e6", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/158a66b245739e15858de42c0ba60fcf3de9b8e6" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=158a66b245739e15858de42c0ba60fcf3de9b8e6", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=158a66b245739e15858de42c0ba60fcf3de9b8e6" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47941.json b/2022/47xxx/CVE-2022-47941.json new file mode 100644 index 00000000000..d6d79e77e2e --- /dev/null +++ b/2022/47xxx/CVE-2022-47941.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2" + }, + { + "url": "https://github.com/torvalds/linux/commit/aa7253c2393f6dcd6a1468b0792f6da76edad917", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/aa7253c2393f6dcd6a1468b0792f6da76edad917" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa7253c2393f6dcd6a1468b0792f6da76edad917", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa7253c2393f6dcd6a1468b0792f6da76edad917" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47942.json b/2022/47xxx/CVE-2022-47942.json new file mode 100644 index 00000000000..5217e195ee0 --- /dev/null +++ b/2022/47xxx/CVE-2022-47942.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2" + }, + { + "url": "https://github.com/torvalds/linux/commit/8f0541186e9ad1b62accc9519cc2b7a7240272a7", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/8f0541186e9ad1b62accc9519cc2b7a7240272a7" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f0541186e9ad1b62accc9519cc2b7a7240272a7", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f0541186e9ad1b62accc9519cc2b7a7240272a7" + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4697.json b/2022/4xxx/CVE-2022-4697.json new file mode 100644 index 00000000000..8faaaaf7e2e --- /dev/null +++ b/2022/4xxx/CVE-2022-4697.json @@ -0,0 +1,84 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-4697", + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wp_user_cover_default_image_url\u2019 parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "collizo4sky", + "product": { + "product_data": [ + { + "product_name": "Paid Membership, Ecommerce, Registration Form, Login Form, User Profile, Paywall & Restrict Content \u2013 ProfilePress", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2838522%40wp-user-avatar%2Ftrunk&old=2837217%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2838522%40wp-user-avatar%2Ftrunk&old=2837217%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d54f585-0116-4517-84f1-271e89a05539", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d54f585-0116-4517-84f1-271e89a05539" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4698.json b/2022/4xxx/CVE-2022-4698.json new file mode 100644 index 00000000000..0737dc2c01c --- /dev/null +++ b/2022/4xxx/CVE-2022-4698.json @@ -0,0 +1,84 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-4698", + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "collizo4sky", + "product": { + "product_data": [ + { + "product_name": "Paid Membership, Ecommerce, Registration Form, Login Form, User Profile, Paywall & Restrict Content \u2013 ProfilePress", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43c9dcec-f769-4c55-93d0-c2aa45a4fa16", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43c9dcec-f769-4c55-93d0-c2aa45a4fa16" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2838522%40wp-user-avatar%2Ftrunk&old=2837217%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2838522%40wp-user-avatar%2Ftrunk&old=2837217%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ivan Kuzymchak" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file