admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-01 17:00:34 +00:00
parent 3e6304394a
commit 1e9752b948
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 351 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
2022/28xxx/CVE-2022-28199.json
View File

@ -34,17 +34,17 @@
"description_data": [
{
"lang": "eng",
"value": "NVIDIAs distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality."
"value": "NVIDIA\u2019s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality."
}
]
},
"impact": {
"cvss": {
"baseScore" : 6.5,
"baseSeverity" : "Medium",
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.1"
}
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
@ -61,9 +61,10 @@
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5389"
}
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5389",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5389"
}
]
}
}

37
2022/34xxx/CVE-2022-34768.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-08-03T14:40:00.000Z",
"DATE_PUBLIC": "2022-08-21T11:14:00.000Z",
"ID": "CVE-2022-34768",
"STATE": "PUBLIC",
"TITLE": "Supersmart.me - Walk Through Performing unauthorized actions on other customers"
"TITLE": "Synel - eHarmony Stored XSS"
},
"affects": {
"vendor": {
@ -13,19 +13,20 @@
"product": {
"product_data": [
{
"product_name": "Supersmart.me - Walk Through",
"product_name": "eHarmony",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "Update to the latest version."
"version_affected": ">",
"version_name": "v11",
"version_value": "v11"
}
]
}
}
]
},
"vendor_name": "Supersmart.me"
"vendor_name": "Synel"
}
]
}
@ -33,7 +34,7 @@
"credit": [
{
"lang": "eng",
"value": "Nerya Zadkani"
"value": "Moriel Harush - Sophtix Security LTD"
}
],
"data_format": "MITRE",
@ -43,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "Supersmart.me - Walk Through Performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder (or using an Android application) to scan at the beginning of the purchase the QR CODE on the cart, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer's cart without verification. Because the number of purchases is serial."
"value": "insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code."
}
]
},
@ -53,16 +54,16 @@
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
@ -72,7 +73,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
@ -82,20 +83,20 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
"url": "https://www.gov.il/en/departments/faq/cve_advisories",
"name": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to the latest version."
"value": "Update to eHarmony v11."
}
],
"source": {
"defect": [
"ILVN-2022-0040"
"ILVN-2022-0049"
],
"discovery": "EXTERNAL"
}

70
2022/34xxx/CVE-2022-34769.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-08-03T14:40:00.000Z",
"DATE_PUBLIC": "2022-08-21T11:14:00.000Z",
"ID": "CVE-2022-34769",
"STATE": "PUBLIC",
"TITLE": "Michlol - rashim web interface Insecure direct object references (IDOR)"
"TITLE": "PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection"
},
"affects": {
"vendor": {
@ -13,20 +13,56 @@
"product": {
"product_data": [
{
"product_name": "Michlol - rashim web ",
"product_name": "PROSCEND M330-w / M330-W5",
"version": {
"version_data": [
{
"version_affected": ">",
"version_name": "187.4392",
"version_value": "187.4392"
"version_name": "V1.11",
"version_value": "V1.11"
}
]
}
},
{
"product_name": "PROSCEND M350-5G / M350-W5G / M350-6 / M350-W6",
"version": {
"version_data": [
{
"version_affected": ">",
"version_name": "V1.02",
"version_value": "V1.02"
}
]
}
},
{
"product_name": "PROSCEND M301-G / M301-GW",
"version": {
"version_data": [
{
"version_affected": ">",
"version_name": "V2.20",
"version_value": "V2.20"
}
]
}
},
{
"product_name": "ADVICE ICR 111WG ",
"version": {
"version_data": [
{
"version_affected": ">",
"version_name": "V1.11",
"version_value": "V1.11"
}
]
}
}
]
},
"vendor_name": "Michlol "
"vendor_name": "PROSCEND"
}
]
}
@ -34,7 +70,7 @@
"credit": [
{
"lang": "eng",
"value": "Gad Abuhatzera - Sophtix Security LTD. "
"value": "MetaData"
}
],
"data_format": "MITRE",
@ -44,7 +80,7 @@
"description_data": [
{
"lang": "eng",
"value": "Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user."
"value": "PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301"
}
]
},
@ -54,16 +90,16 @@
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
@ -73,7 +109,7 @@
"description": [
{
"lang": "eng",
"value": " interface Insecure direct object references"
"value": "Unauthenticated OS Command Injection"
}
]
}
@ -83,20 +119,20 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
"url": "https://www.gov.il/en/departments/faq/cve_advisories",
"name": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to version 187.4392"
"value": "Update released for the following versions:\nProscend M330-w / M330-W5 Plan to fix on V1.11\nProscend M350-5G / M350-W5G / M350-6 / M350-W6 Fixed on V1.02\nProscend M301-G / M301-GW Fixed on V2.20\nADVICE ICR 111WG / Plan to fix on V1.11"
}
],
"source": {
"defect": [
"ILVN-2022-0041"
"ILVN-2022-0050"
],
"discovery": "EXTERNAL"
}

93
2022/36xxx/CVE-2022-36355.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-01T08:41:00.000Z",
"ID": "CVE-2022-36355",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Easy Org Chart plugin <= 3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easy Org Chart (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.1",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "PluginlySpeaking"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/easy-org-chart/wordpress-easy-org-chart-plugin-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/easy-org-chart/wordpress-easy-org-chart-plugin-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
},
{
"name": "https://wordpress.org/plugins/easy-org-chart/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/easy-org-chart/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/36xxx/CVE-2022-36373.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-01T09:17:00.000Z",
"ID": "CVE-2022-36373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress MP3 jPlayer plugin <= 2.7.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MP3-jPlayer (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.7.3",
"version_value": "2.7.3"
}
]
}
}
]
},
"vendor_name": "Simon Ward"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Rasi Afeef (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/mp3-jplayer/wordpress-mp3-jplayer-plugin-2-7-3-multiple-cross-site-request-forgery-csrf-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/mp3-jplayer/wordpress-mp3-jplayer-plugin-2-7-3-multiple-cross-site-request-forgery-csrf-vulnerabilities"
},
{
"name": "https://wordpress.org/plugins/mp3-jplayer/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/mp3-jplayer/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

101
2022/36xxx/CVE-2022-36796.json
View File

@ -1,18 +1,107 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-01T10:19:00.000Z",
"ID": "CVE-2022-36796",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress CallRail Phone Call Tracking plugin <= 0.4.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CallRail Phone Call Tracking (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 0.4.9",
"version_value": "0.4.9"
}
]
}
}
]
},
"vendor_name": "CallRail, Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Rasi Afeef (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/callrail-phone-call-tracking/wordpress-callrail-phone-call-tracking-plugin-0-4-9-cross-site-request-forgery-csrf-vulnerability-leading-to-stored-cross-site-scripting-xss",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/callrail-phone-call-tracking/wordpress-callrail-phone-call-tracking-plugin-0-4-9-cross-site-request-forgery-csrf-vulnerability-leading-to-stored-cross-site-scripting-xss"
},
{
"name": "https://wordpress.org/plugins/callrail-phone-call-tracking/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/callrail-phone-call-tracking/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}