admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-05-17 19:02:09 +00:00
parent 2c51038a47
commit 1341cd4154
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
18 changed files with 635 additions and 415 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
2021/25xxx/CVE-2021-25094.json
View File

@ -1,80 +1,85 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25094",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tatsu < 3.3.12 - Unauthenticated RCE"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tatsu",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.3.12",
"version_value": "3.3.12"
"CVE_data_meta": {
"ID": "CVE-2021-25094",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tatsu < 3.3.12 - Unauthenticated RCE"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tatsu",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.3.12",
"version_value": "3.3.12"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot \".\", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fb0097a0-5d7b-4e5b-97de-aacafa8fffcd",
"name": "https://wpscan.com/vulnerability/fb0097a0-5d7b-4e5b-97de-aacafa8fffcd"
},
{
"refsource": "MISC",
"url": "https://darkpills.com/wordpress-tatsu-builder-preauth-rce-cve-2021-25094/",
"name": "https://darkpills.com/wordpress-tatsu-builder-preauth-rce-cve-2021-25094/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot \".\", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Vincent MICHEL"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fb0097a0-5d7b-4e5b-97de-aacafa8fffcd",
"name": "https://wpscan.com/vulnerability/fb0097a0-5d7b-4e5b-97de-aacafa8fffcd"
},
{
"refsource": "MISC",
"url": "https://darkpills.com/wordpress-tatsu-builder-preauth-rce-cve-2021-25094/",
"name": "https://darkpills.com/wordpress-tatsu-builder-preauth-rce-cve-2021-25094/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167190/WordPress-Tatsu-Builder-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/167190/WordPress-Tatsu-Builder-Remote-Code-Execution.html"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Vincent MICHEL"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

5
2021/46xxx/CVE-2021-46422.json
View File

@ -56,6 +56,11 @@
"url": "https://drive.google.com/drive/folders/1YJlVlb4SlTEGONzIjiMwd2P7ucP_Pm7T?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/drive/folders/1YJlVlb4SlTEGONzIjiMwd2P7ucP_Pm7T?usp=sharing"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167201/SDT-CW3B1-1.1.0-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/167201/SDT-CW3B1-1.1.0-Command-Injection.html"
}
]
}

5
2022/0xxx/CVE-2022-0967.json
View File

@ -79,6 +79,11 @@
"name": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
}
]
},

166
2022/1xxx/CVE-2022-1735.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1735",
"STATE": "PUBLIC",
"TITLE": " Classic Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1735",
"STATE": "PUBLIC",
"TITLE": " Classic Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": " Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9"
},
{
"name": "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97"
}
]
},
"source": {
"advisory": "c9f85608-ff11-48e4-933d-53d1759d44d9",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9"
},
{
"name": "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97"
}
]
},
"source": {
"advisory": "c9f85608-ff11-48e4-933d-53d1759d44d9",
"discovery": "EXTERNAL"
}
}

18
2022/1xxx/CVE-2022-1770.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

305
2022/22xxx/CVE-2022-22773.json
View File

@ -1,151 +1,156 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-05-17T17:00:00Z",
"ID": "CVE-2022-22773",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Developer Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "7.9.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Mohamed Rezgui for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.1 and below, TIBCO JasperReports Server - Community Edition: versions 8.0.1 and below, TIBCO JasperReports Server - Developer Edition: versions 8.0.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.1 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.2 and below, and TIBCO JasperReports Server for Microsoft Azure: versions 8.0.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server - Community Edition versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server - Developer Edition versions 8.0.0 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.2 and below: This product is deprecated and should be uninstalled\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.1 and below: update to version 8.0.2 or later"
}
],
"source": {
"discovery": ""
}
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-05-17T17:00:00Z",
"ID": "CVE-2022-22773",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Developer Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "7.9.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.0.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Mohamed Rezgui for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.1 and below, TIBCO JasperReports Server - Community Edition: versions 8.0.1 and below, TIBCO JasperReports Server - Developer Edition: versions 8.0.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.1 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.2 and below, and TIBCO JasperReports Server for Microsoft Azure: versions 8.0.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-jasperreports-server-cve-2022-22773",
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-jasperreports-server-cve-2022-22773"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server - Community Edition versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server - Developer Edition versions 8.0.0 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.2 and below: This product is deprecated and should be uninstalled\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.1 and below: update to version 8.0.2 or later"
}
],
"source": {
"discovery": ""
}
}

205
2022/22xxx/CVE-2022-22775.json
View File

@ -1,101 +1,106 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-05-17T17:00:00Z",
"ID": "CVE-2022-22775",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BPM Enterprise",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "4.3.1"
}
]
}
},
{
"product_name": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "4.3.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.1 and below: update to version 4.3.2 or later\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.1 and below: update to version 4.3.2 or later"
}
],
"source": {
"discovery": "ING Bank N.V."
}
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-05-17T17:00:00Z",
"ID": "CVE-2022-22775",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BPM Enterprise",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "4.3.1"
}
]
}
},
{
"product_name": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "4.3.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775",
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.1 and below: update to version 4.3.2 or later\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.1 and below: update to version 4.3.2 or later"
}
],
"source": {
"discovery": "ING Bank N.V."
}
}

50
2022/23xxx/CVE-2022-23674.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote authenticated stored cross-site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability."
}
]
}

5
2022/24xxx/CVE-2022-24108.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2022/May/30",
"url": "https://seclists.org/fulldisclosure/2022/May/30"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsafe-Deserialization.html",
"url": "http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsafe-Deserialization.html"
}
]
}

5
2022/29xxx/CVE-2022-29303.json
View File

@ -56,6 +56,11 @@
"url": "https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167183/SolarView-Compact-6.0-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/167183/SolarView-Compact-6.0-Command-Injection.html"
}
]
}

6
2022/29xxx/CVE-2022-29414.json
View File

@ -93,6 +93,12 @@
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 220502 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}

99
2022/29xxx/CVE-2022-29429.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-05-04T14:51:00.000Z",
"ID": "CVE-2022-29429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Code Snippets Extended (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.4.7",
"version_value": "1.4.7"
}
]
}
}
]
},
"vendor_name": "Alexander Stokmann"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Rasi Afeef (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/code-snippets-extended/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/code-snippets-extended/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/code-snippets-extended/wordpress-code-snippets-extended-plugin-1-4-7-cross-site-request-forgery-csrf-leading-to-remote-code-execution-rce-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/code-snippets-extended/wordpress-code-snippets-extended-plugin-1-4-7-cross-site-request-forgery-csrf-leading-to-remote-code-execution-rce-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Deactivate and delete. No patched version is available. No reply from the vendor."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

5
2022/29xxx/CVE-2022-29727.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/haxpunk1337/Enterprise-Survey-Software/blob/main/Enterprise-Survey-Software%202022",
"refsource": "MISC",
"name": "https://github.com/haxpunk1337/Enterprise-Survey-Software/blob/main/Enterprise-Survey-Software%202022"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167187/Survey-Sparrow-Enterprise-Survey-Software-2022-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/167187/Survey-Sparrow-Enterprise-Survey-Software-2022-Cross-Site-Scripting.html"
}
]
}

5
2022/30xxx/CVE-2022-30946.json
View File

@ -65,6 +65,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}

5
2022/30xxx/CVE-2022-30948.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}

5
2022/30xxx/CVE-2022-30949.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}

5
2022/30xxx/CVE-2022-30952.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-714",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-714",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}

5
2022/30xxx/CVE-2022-30954.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}