admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#8350

Browse Source 
Auto-merge PR#8350
This commit is contained in:
CVE Team 2022-12-21 17:10:49 -05:00 committed by GitHub
commit 147fd8c549
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 539 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2021/4xxx/CVE-2021-4275.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4275",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "katlings pyambic-pentameter cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "katlings",
"product": {
"product_data": [
{
"product_name": "pyambic-pentameter",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/katlings\/pyambic-pentameter\/commit\/974f21aa1b2527ef39c8afe1a5060548217deca8"
},
{
"url": "https:\/\/vuldb.com\/?id.216498"
}
]
}

67
2022/4xxx/CVE-2022-4637.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "ep3-bs cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "ep3-bs",
"version": {
"version_data": [
{
"version_value": "1.8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in ep3-bs 1.8.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.1 is able to address this issue. The name of the patch is ef49e709c8adecc3a83cdc6164a67162991d2213. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216495."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/tkrebs\/ep3-bs\/issues\/564"
},
{
"url": "https:\/\/github.com\/tkrebs\/ep3-bs\/releases\/tag\/1.8.1"
},
{
"url": "https:\/\/github.com\/tkrebs\/ep3-bs\/commit\/ef49e709c8adecc3a83cdc6164a67162991d2213"
},
{
"url": "https:\/\/vuldb.com\/?id.216495"
}
]
}

97
2022/4xxx/CVE-2022-4638.json
View File

@ -4,14 +4,105 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "collective.contact.widget widgets.py title cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "collective.contact.widget",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
},
{
"version_value": "1.9"
},
{
"version_value": "1.10"
},
{
"version_value": "1.11"
},
{
"version_value": "1.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src\/collective\/contact\/widget\/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/collective\/collective.contact.widget\/commit\/5da36305ca7ed433782be8901c47387406fcda12"
},
{
"url": "https:\/\/vuldb.com\/?id.216496"
}
]
}

64
2022/4xxx/CVE-2022-4639.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "sslh Packet Dumping probe.c hexdump format string",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "sslh",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Memory Corruption -> CWE-134 Format String"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.6",
"vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/yrutschle\/sslh\/pull\/353"
},
{
"url": "https:\/\/github.com\/yrutschle\/sslh\/commit\/b19f8a6046b080e4c2e28354a58556bb26040c6f"
},
{
"url": "https:\/\/vuldb.com\/?id.216497"
}
]
}

61
2022/4xxx/CVE-2022-4640.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Mingsoft MCMS Article save cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mingsoft",
"product": {
"product_data": [
{
"product_name": "MCMS",
"version": {
"version_data": [
{
"version_value": "5.2.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/gitee.com\/mingSoft\/MCMS\/issues\/I65KI5"
},
{
"url": "https:\/\/vuldb.com\/?id.216499"
}
]
}

64
2022/4xxx/CVE-2022-4641.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4641",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "pig-vector LogisticRegression.java LogisticRegression temp file",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "pig-vector",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377 Insecure Temporary File"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src\/main\/java\/org\/apache\/mahout\/pig\/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "2.5",
"vectorString": "CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/tdunning\/pig-vector\/pull\/2"
},
{
"url": "https:\/\/github.com\/tdunning\/pig-vector\/commit\/1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15"
},
{
"url": "https:\/\/vuldb.com\/?id.216500"
}
]
}

67
2022/4xxx/CVE-2022-4642.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4642",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "tatoeba2 Profile Name cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "tatoeba2",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version prod_2022-10-30 is able to address this issue. The name of the patch is 91110777fc8ddf1b4a2cf4e66e67db69b9700361. It is recommended to upgrade the affected component. The identifier VDB-216501 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/Tatoeba\/tatoeba2\/issues\/3002"
},
{
"url": "https:\/\/github.com\/Tatoeba\/tatoeba2\/releases\/tag\/prod_2022-10-30"
},
{
"url": "https:\/\/github.com\/Tatoeba\/tatoeba2\/commit\/91110777fc8ddf1b4a2cf4e66e67db69b9700361"
},
{
"url": "https:\/\/vuldb.com\/?id.216501"
}
]
}

82
2022/4xxx/CVE-2022-4643.json
View File

@ -4,14 +4,90 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4643",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "docconv pdf_ocr.go ConvertPDFImages os command injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "docconv",
"version": {
"version_data": [
{
"version_value": "1.2.1"
},
{
"version_value": "1.3.0"
},
{
"version_value": "1.3.1"
},
{
"version_value": "1.3.2"
},
{
"version_value": "1.3.3"
},
{
"version_value": "1.3.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-78 OS Command Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in docconv up to 1.3.4. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.3.5 is able to address this issue. The name of the patch is b19021ade3d0b71c89d35cb00eb9e589a121faa5. It is recommended to upgrade the affected component. VDB-216502 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/sajari\/docconv\/pull\/110"
},
{
"url": "https:\/\/github.com\/sajari\/docconv\/releases\/tag\/v1.3.5"
},
{
"url": "https:\/\/github.com\/sajari\/docconv\/commit\/b19021ade3d0b71c89d35cb00eb9e589a121faa5"
},
{
"url": "https:\/\/vuldb.com\/?id.216502"
}
]
}