From 110ba5c225ebd993e5e0bf0b371c0f5c1ba6e6cd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 20:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/21xxx/CVE-2020-21599.json | 5 ++ 2021/35xxx/CVE-2021-35452.json | 5 ++ 2021/36xxx/CVE-2021-36408.json | 5 ++ 2021/36xxx/CVE-2021-36409.json | 5 ++ 2021/36xxx/CVE-2021-36410.json | 5 ++ 2021/36xxx/CVE-2021-36411.json | 5 ++ 2022/4xxx/CVE-2022-4518.json | 18 ++++++++ 2022/4xxx/CVE-2022-4519.json | 84 ++++++++++++++++++++++++++++++++++ 8 files changed, 132 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4518.json create mode 100644 2022/4xxx/CVE-2022-4519.json diff --git a/2020/21xxx/CVE-2020-21599.json b/2020/21xxx/CVE-2020-21599.json index 4ad1b22b0d0..ce369a5a7f4 100644 --- a/2020/21xxx/CVE-2020-21599.json +++ b/2020/21xxx/CVE-2020-21599.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/235", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/235" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/35xxx/CVE-2021-35452.json b/2021/35xxx/CVE-2021-35452.json index 943ef7a19bc..c8d88f2b0e6 100644 --- a/2021/35xxx/CVE-2021-35452.json +++ b/2021/35xxx/CVE-2021-35452.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/298", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/298" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36408.json b/2021/36xxx/CVE-2021-36408.json index c1ee7a8f786..8289bbc4531 100644 --- a/2021/36xxx/CVE-2021-36408.json +++ b/2021/36xxx/CVE-2021-36408.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/299", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/299" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36409.json b/2021/36xxx/CVE-2021-36409.json index 9c94e1ec298..2c0ef4e690d 100644 --- a/2021/36xxx/CVE-2021-36409.json +++ b/2021/36xxx/CVE-2021-36409.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/300", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/300" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36410.json b/2021/36xxx/CVE-2021-36410.json index fbca4555788..cad2a0e8af1 100644 --- a/2021/36xxx/CVE-2021-36410.json +++ b/2021/36xxx/CVE-2021-36410.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/301", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/301" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36411.json b/2021/36xxx/CVE-2021-36411.json index b26a33045a3..d9bb38ea1a7 100644 --- a/2021/36xxx/CVE-2021-36411.json +++ b/2021/36xxx/CVE-2021-36411.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/302", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/302" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2022/4xxx/CVE-2022-4518.json b/2022/4xxx/CVE-2022-4518.json new file mode 100644 index 00000000000..ff91c16c129 --- /dev/null +++ b/2022/4xxx/CVE-2022-4518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4519.json b/2022/4xxx/CVE-2022-4519.json new file mode 100644 index 00000000000..6dedc3a0dbd --- /dev/null +++ b/2022/4xxx/CVE-2022-4519.json @@ -0,0 +1,84 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-4519", + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "walkeprashant", + "product": { + "product_data": [ + { + "product_name": "WP User \u2013 Custom Registration Forms, Login and User Profile", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ee21796-5340-4f84-b1c4-a95137a27223", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ee21796-5340-4f84-b1c4-a95137a27223" + }, + { + "url": "https://wordpress.org/plugins/wp-user/#description", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-user/#description" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file