diff --git a/2021/41xxx/CVE-2021-41754.json b/2021/41xxx/CVE-2021-41754.json
index 37e1f249534..ba6c4f0e7d9 100644
--- a/2021/41xxx/CVE-2021-41754.json
+++ b/2021/41xxx/CVE-2021-41754.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41754",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41754",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/blockomat2100/PoCs/blob/main/dynamicMarkt/vulns.md",
+ "refsource": "MISC",
+ "name": "https://github.com/blockomat2100/PoCs/blob/main/dynamicMarkt/vulns.md"
+ },
+ {
+ "url": "https://www.heise.de/download/product/dynamicmarkt-3.10-marktplatz-software-90441",
+ "refsource": "MISC",
+ "name": "https://www.heise.de/download/product/dynamicmarkt-3.10-marktplatz-software-90441"
 }
 ]
 }
diff --git a/2022/21xxx/CVE-2022-21211.json b/2022/21xxx/CVE-2022-21211.json
index 5a183e8ca47..c2aca57cafd 100644
--- a/2022/21xxx/CVE-2022-21211.json
+++ b/2022/21xxx/CVE-2022-21211.json
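Review bot: The CVE-2021-41754 record goes PUBLIC with `product_name`, `version_value`, `vendor_name` and the `problemtype` value all left as `"n/a"`, although the description added in the same hunk names the product (dynamicMarkt), the affected range (<= 3.10) and the weakness class (SQL injection). Scanners and asset-matching tools that key on the structured `affects` block rather than the free text will not associate this CVE with the product. I would fill the fields from the description, e.g. `"product_name": "dynamicMarkt"`, `"version_value": "<= 3.10"` and a problemtype value of `"CWE-89"`. The vendor name is not stated anywhere in the hunk, so that field needs confirming from the references before it is set.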
@@ -48,8 +48,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719",
+ "name": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719"
 }
 ]
 },
@@ -57,7 +58,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects all versions of package posix.\n When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check.\r\n\r\n"
+ "value": "This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check."
 }
 ]
 },
diff --git a/2022/24xxx/CVE-2022-24278.json b/2022/24xxx/CVE-2022-24278.json
index 6a57b8abf37..8bad7d9cf9d 100644
--- a/2022/24xxx/CVE-2022-24278.json
+++ b/2022/24xxx/CVE-2022-24278.json
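Review bot: Retagging every reference from `"refsource": "CONFIRM"` to `"refsource": "MISC"` in the references hunk removes the only machine-readable hint that a link is a vendor or maintainer acknowledgement rather than third-party commentary. The same retag appears in the references hunks of CVE-2022-24278, CVE-2022-24376, CVE-2022-24429, CVE-2022-25845, CVE-2022-25851, CVE-2022-25863 and CVE-2022-29092 through CVE-2022-29095. Several of those URLs look like upstream fix commits or, for the Dell entries, the vendor's own DSA-2022-139 advisory. Triage pipelines that weight CONFIRM references would now treat a fix commit and a proof-of-concept write-up alike. If the retag is not a required normalization, keep `"refsource": "CONFIRM"` on the vendor-advisory and upstream-commit entries.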
@@ -48,20 +48,24 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859830"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859830",
+ "name": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859830"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/neocotic/convert-svg/commit/2bbc498c5029238637206661dbac9e44d37d17c5"
+ "refsource": "MISC",
+ "url": "https://github.com/neocotic/convert-svg/commit/2bbc498c5029238637206661dbac9e44d37d17c5",
+ "name": "https://github.com/neocotic/convert-svg/commit/2bbc498c5029238637206661dbac9e44d37d17c5"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/neocotic/convert-svg/pull/87"
+ "refsource": "MISC",
+ "url": "https://github.com/neocotic/convert-svg/pull/87",
+ "name": "https://github.com/neocotic/convert-svg/pull/87"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/neocotic/convert-svg/issues/86"
+ "refsource": "MISC",
+ "url": "https://github.com/neocotic/convert-svg/issues/86",
+ "name": "https://github.com/neocotic/convert-svg/issues/86"
 }
 ]
 },
@@ -69,7 +73,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.\n"
+ "value": "The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file."
 }
 ]
 },
diff --git a/2022/24xxx/CVE-2022-24376.json b/2022/24xxx/CVE-2022-24376.json
index 26701137383..7ead75c256f 100644
--- a/2022/24xxx/CVE-2022-24376.json
+++ b/2022/24xxx/CVE-2022-24376.json
@@ -48,12 +48,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-GITPROMISE-2434310"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-GITPROMISE-2434310",
+ "name": "https://snyk.io/vuln/SNYK-JS-GITPROMISE-2434310"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://gist.github.com/lirantal/9da1fceb32f5279eb76a5fc1cb9707dd"
+ "refsource": "MISC",
+ "url": "https://gist.github.com/lirantal/9da1fceb32f5279eb76a5fc1cb9707dd",
+ "name": "https://gist.github.com/lirantal/9da1fceb32f5279eb76a5fc1cb9707dd"
 }
 ]
 },
@@ -61,7 +63,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package.\r\n**Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.\r\n"
+ "value": "All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue."
 }
 ]
 },
diff --git a/2022/24xxx/CVE-2022-24429.json b/2022/24xxx/CVE-2022-24429.json
index c6c8f676a08..cbd563d9565 100644
--- a/2022/24xxx/CVE-2022-24429.json
+++ b/2022/24xxx/CVE-2022-24429.json
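Review bot: The flattened description in the second hunk still carries Markdown (`[vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476)` and `**Note:**`), and the linked prior advisory is not listed in `reference_data`. Consumers that show the description as plain text get raw markup, and tooling that follows references never sees the earlier advisory this one depends on. I would add it as a reference entry with `"url": "https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476"` and write the sentence without link syntax. The same applies to the `[safeMode](…)` workaround link in the CVE-2022-25845 description hunk, where the only mitigation pointer for users who cannot upgrade lives inside the markup.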
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859212"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859212",
+ "name": "https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859212"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/neocotic/convert-svg/issues/84"
+ "refsource": "MISC",
+ "url": "https://github.com/neocotic/convert-svg/issues/84",
+ "name": "https://github.com/neocotic/convert-svg/issues/84"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/neocotic/convert-svg/commit/a43dffaab0f1e419d5be84e2e7356b86ffac3cf1"
+ "refsource": "MISC",
+ "url": "https://github.com/neocotic/convert-svg/commit/a43dffaab0f1e419d5be84e2e7356b86ffac3cf1",
+ "name": "https://github.com/neocotic/convert-svg/commit/a43dffaab0f1e419d5be84e2e7356b86ffac3cf1"
 }
 ]
 },
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.\r\n\r\n"
+ "value": "The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file."
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25845.json b/2022/25xxx/CVE-2022-25845.json
index 11caec9327f..3bdcaf37797 100644
--- a/2022/25xxx/CVE-2022-25845.json
+++ b/2022/25xxx/CVE-2022-25845.json
@@ -48,28 +48,34 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://www.ddosi.org/fastjson-poc/"
+ "refsource": "MISC",
+ "url": "https://www.ddosi.org/fastjson-poc/",
+ "name": "https://www.ddosi.org/fastjson-poc/"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15"
+ "refsource": "MISC",
+ "url": "https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15",
+ "name": "https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d"
+ "refsource": "MISC",
+ "url": "https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d",
+ "name": "https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/alibaba/fastjson/wiki/security_update_20220523"
+ "refsource": "MISC",
+ "url": "https://github.com/alibaba/fastjson/wiki/security_update_20220523",
+ "name": "https://github.com/alibaba/fastjson/wiki/security_update_20220523"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/alibaba/fastjson/releases/tag/1.2.83"
+ "refsource": "MISC",
+ "url": "https://github.com/alibaba/fastjson/releases/tag/1.2.83",
+ "name": "https://github.com/alibaba/fastjson/releases/tag/1.2.83"
 }
 ]
 },
@@ -77,7 +83,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers.\r\n\r\n Workaround:\r\n\r\nIf upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).\n"
+ "value": "The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode)."
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25851.json b/2022/25xxx/CVE-2022-25851.json
index aef013d135b..997cdd742b6 100644
--- a/2022/25xxx/CVE-2022-25851.json
+++ b/2022/25xxx/CVE-2022-25851.json
@@ -48,24 +48,29 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218",
+ "name": "https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/jpeg-js/jpeg-js/issues/105"
+ "refsource": "MISC",
+ "url": "https://github.com/jpeg-js/jpeg-js/issues/105",
+ "name": "https://github.com/jpeg-js/jpeg-js/issues/105"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/jpeg-js/jpeg-js/pull/106/"
+ "refsource": "MISC",
+ "url": "https://github.com/jpeg-js/jpeg-js/pull/106/",
+ "name": "https://github.com/jpeg-js/jpeg-js/pull/106/"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27"
+ "refsource": "MISC",
+ "url": "https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27",
+ "name": "https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27"
 }
 ]
 },
@@ -73,7 +78,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.\r\n\r\n\r\n"
+ "value": "The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return."
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25863.json b/2022/25xxx/CVE-2022-25863.json
index f4b354a5e64..74ac9013c27 100644
--- a/2022/25xxx/CVE-2022-25863.json
+++ b/2022/25xxx/CVE-2022-25863.json
@@ -56,20 +56,24 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699",
+ "name": "https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"
+ "refsource": "MISC",
+ "url": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing",
+ "name": "https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/gatsbyjs/gatsby/pull/35830"
+ "refsource": "MISC",
+ "url": "https://github.com/gatsbyjs/gatsby/pull/35830",
+ "name": "https://github.com/gatsbyjs/gatsby/pull/35830"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"
+ "refsource": "MISC",
+ "url": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e",
+ "name": "https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e"
 }
 ]
 },
@@ -77,7 +81,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization.\r\nExploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL).\r\n\r\n Workaround:\r\n\r\nIf an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing.\r\n\r\n"
+ "value": "The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing."
 }
 ]
 },
diff --git a/2022/29xxx/CVE-2022-29092.json b/2022/29xxx/CVE-2022-29092.json
index 8b3cbcdbd3c..c51f36f9f57 100644
--- a/2022/29xxx/CVE-2022-29092.json
+++ b/2022/29xxx/CVE-2022-29092.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29093.json b/2022/29xxx/CVE-2022-29093.json
index 4f205d32503..d3065827980 100644
--- a/2022/29xxx/CVE-2022-29093.json
+++ b/2022/29xxx/CVE-2022-29093.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29094.json b/2022/29xxx/CVE-2022-29094.json
index a424f9efc6e..101b34a126f 100644
--- a/2022/29xxx/CVE-2022-29094.json
+++ b/2022/29xxx/CVE-2022-29094.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29095.json b/2022/29xxx/CVE-2022-29095.json
index bf835b37818..ac6a592ed9e 100644
--- a/2022/29xxx/CVE-2022-29095.json
+++ b/2022/29xxx/CVE-2022-29095.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
 }
 ]
 }