"-Synchronized-Data."

CVE Team 2022-06-10 21:01:51 +00:00
parent 39ff40b65f
commit 1dec3ee347
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 149 additions and 71 deletions


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/blockomat2100/PoCs/blob/main/dynamicMarkt/vulns.md",
"refsource": "MISC",
"name": "https://github.com/blockomat2100/PoCs/blob/main/dynamicMarkt/vulns.md"
},
{
"url": "https://www.heise.de/download/product/dynamicmarkt-3.10-marktplatz-software-90441",
"refsource": "MISC",
"name": "https://www.heise.de/download/product/dynamicmarkt-3.10-marktplatz-software-90441"
}
]
}
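Review bot: The record goes public with `"product_name": "n/a"`, `"version_value": "n/a"`, `"vendor_name": "n/a"` and a problemtype value of `"n/a"`, although the new description names the product, the affected range and the weakness class. Tooling that matches on the `affects` or `problemtype` fields rather than on free text will not associate this entry with dynamicMarkt or with SQL injection. Consider filling them from the description, e.g. `"product_name": "dynamicMarkt"`, `"version_value": "<= 3.10"` and a problemtype value of `"CWE-89"`. The vendor name is not stated anywhere in the section and would have to come from the requester.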


@ -48,8 +48,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719",
"name": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719"
}
]
},
@ -57,7 +58,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package posix.\n When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check.\r\n\r\n"
"value": "This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check."
}
]
},


@ -48,20 +48,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859830"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859830",
"name": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859830"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/neocotic/convert-svg/commit/2bbc498c5029238637206661dbac9e44d37d17c5"
"refsource": "MISC",
"url": "https://github.com/neocotic/convert-svg/commit/2bbc498c5029238637206661dbac9e44d37d17c5",
"name": "https://github.com/neocotic/convert-svg/commit/2bbc498c5029238637206661dbac9e44d37d17c5"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/neocotic/convert-svg/pull/87"
"refsource": "MISC",
"url": "https://github.com/neocotic/convert-svg/pull/87",
"name": "https://github.com/neocotic/convert-svg/pull/87"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/neocotic/convert-svg/issues/86"
"refsource": "MISC",
"url": "https://github.com/neocotic/convert-svg/issues/86",
"name": "https://github.com/neocotic/convert-svg/issues/86"
}
]
},
@ -69,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.\n"
"value": "The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file."
}
]
},


@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-GITPROMISE-2434310"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-GITPROMISE-2434310",
"name": "https://snyk.io/vuln/SNYK-JS-GITPROMISE-2434310"
},
{
"refsource": "CONFIRM",
"url": "https://gist.github.com/lirantal/9da1fceb32f5279eb76a5fc1cb9707dd"
"refsource": "MISC",
"url": "https://gist.github.com/lirantal/9da1fceb32f5279eb76a5fc1cb9707dd",
"name": "https://gist.github.com/lirantal/9da1fceb32f5279eb76a5fc1cb9707dd"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package.\r\n**Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.\r\n"
"value": "All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue."
}
]
},
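Review bot: The new description value still carries Markdown markup, `[vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476)` and `**Note:**`, in a field that consumers generally render as plain text. The commit strips the `\r\n` sequences but leaves the markup, so brackets and asterisks will appear literally in scanner output and feeds. The prior-advisory URL would be easier to consume as its own `reference_data` entry, with the sentence reading `a prior vulnerability (SNYK-JS-GITPROMISE-567476) in this package`. The same applies to the `[safeMode](...)` link in the com.alibaba:fastjson description in a later section of this commit.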


@ -48,16 +48,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859212"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859212",
"name": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859212"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/neocotic/convert-svg/issues/84"
"refsource": "MISC",
"url": "https://github.com/neocotic/convert-svg/issues/84",
"name": "https://github.com/neocotic/convert-svg/issues/84"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/neocotic/convert-svg/commit/a43dffaab0f1e419d5be84e2e7356b86ffac3cf1"
"refsource": "MISC",
"url": "https://github.com/neocotic/convert-svg/commit/a43dffaab0f1e419d5be84e2e7356b86ffac3cf1",
"name": "https://github.com/neocotic/convert-svg/commit/a43dffaab0f1e419d5be84e2e7356b86ffac3cf1"
}
]
},
@ -65,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.\r\n\r\n"
"value": "The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file."
}
]
},


@ -48,28 +48,34 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222",
"name": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222"
},
{
"refsource": "CONFIRM",
"url": "https://www.ddosi.org/fastjson-poc/"
"refsource": "MISC",
"url": "https://www.ddosi.org/fastjson-poc/",
"name": "https://www.ddosi.org/fastjson-poc/"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15"
"refsource": "MISC",
"url": "https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15",
"name": "https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d"
"refsource": "MISC",
"url": "https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d",
"name": "https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/alibaba/fastjson/wiki/security_update_20220523"
"refsource": "MISC",
"url": "https://github.com/alibaba/fastjson/wiki/security_update_20220523",
"name": "https://github.com/alibaba/fastjson/wiki/security_update_20220523"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/alibaba/fastjson/releases/tag/1.2.83"
"refsource": "MISC",
"url": "https://github.com/alibaba/fastjson/releases/tag/1.2.83",
"name": "https://github.com/alibaba/fastjson/releases/tag/1.2.83"
}
]
},
@ -77,7 +83,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers.\r\n\r\n Workaround:\r\n\r\nIf upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).\n"
"value": "The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode)."
}
]
},


@ -48,24 +48,29 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218",
"name": "https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/jpeg-js/jpeg-js/issues/105"
"refsource": "MISC",
"url": "https://github.com/jpeg-js/jpeg-js/issues/105",
"name": "https://github.com/jpeg-js/jpeg-js/issues/105"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/jpeg-js/jpeg-js/pull/106/"
"refsource": "MISC",
"url": "https://github.com/jpeg-js/jpeg-js/pull/106/",
"name": "https://github.com/jpeg-js/jpeg-js/pull/106/"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27"
"refsource": "MISC",
"url": "https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27",
"name": "https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27"
}
]
},
@ -73,7 +78,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.\r\n\r\n\r\n"
"value": "The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return."
}
]
},


@ -56,20 +56,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699",
"name": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"
},
{
"refsource": "CONFIRM",
"url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing",
"name": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/gatsbyjs/gatsby/pull/35830"
"refsource": "MISC",
"url": "https://github.com/gatsbyjs/gatsby/pull/35830",
"name": "https://github.com/gatsbyjs/gatsby/pull/35830"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"
"refsource": "MISC",
"url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e",
"name": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"
}
]
},
@ -77,7 +81,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization.\r\nExploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL).\r\n\r\n Workaround:\r\n\r\nIf an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing.\r\n\r\n"
"value": "The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing."
}
]
},
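Review bot: The second reference in `reference_data` is a `drive.google.com` share link (`?usp=sharing`), whose content and availability stay under the file owner's control and can change or disappear after the record is published. Because its `name` only repeats the URL, a reader cannot tell what the document is or verify that it still matches what was reviewed at assignment time. A stable location would be preferable, for example an archived snapshot or the relevant material attached to the gatsbyjs pull request already listed here. The surrounding record continues outside this hunk, so other references may exist that are not visible.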


@ -63,8 +63,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities",
"name": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
}
]
}
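Review bot: The only reference visible in this record is the vendor's own advisory on dell.com (DSA-2022-139), and relabelling it from `CONFIRM` to `MISC` drops the one field that marked it as vendor-acknowledged. Consumers that prioritise or filter on `refsource` would no longer distinguish this from a third-party write-up. If the normalisation is deliberate it should be noted in the commit message; otherwise keep `"refsource": "CONFIRM"` for this URL. The same relabelling of the identical Dell URL occurs in the three sections that follow, and the upstream fix-commit links in the earlier sections are affected in the same way.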


@ -63,8 +63,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities",
"name": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
}
]
}


@ -63,8 +63,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities",
"name": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
}
]
}


@ -63,8 +63,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities",
"name": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
}
]
}